REMARKS 

In the Office Action mailed July 26, 2007 ("Office Action"), Claims 1-47, 51, 52, and 57- 
59 were rejected under 35 U.S.C. § 102(e) as being anticipated by Sobel et aL, U.S. Publication 
No. 20040103310, (hereinafter "Sobel"). Claims 39, 41-49, 51, and 52 were rejected under 
35 U.S.C. § 102(e) as being anticipated by Herrmann et al., U.S. Pubhcation No. 20040107360, 
(hereinafter "Herrmann"). Claims 53-56 were rejected under 35 U.S.C. § 103(a) over Sobel in 
view of Lineman et aL, U.S. Pubhcation No. 20030065942, (hereinafter "Lineman"). Further, 
Claims 50 and 53-56 were rejected under 35 U.S.C. § 103(a) over Hemnann in view of Lineman. 
Applicants respectfully traverse these rejections. 

In response to the Office Action, applicants have amended Claims 1, 9, 10, 14-16, 26, 30 
33, 35, 36, 38, 39, 47, 51, 53, and 56. Applicants have canceled Claims 52, 54, 55, and 57-59. 
Applicants have added Claims 60-63. Accordingly, Claims 1-51, 53, 56, and 60-63 are currently 
pending in this application. Applicants have carefiiUy considered the issues raised in the Office 
Action and request reconsideration and allowance of the claims in view of the remarks set forth 
below. 

Rejections Under 35 U.S.C. § 102(e) 

The Office Action rejected Claims 1-47, 51, 52, and 57-59 under 35 U.S.C. § 102(e) as 
being anticipated by Sobel and Herrmami. Applicants respectfully traverse these rejections. 

Claims 1-14. 60. 62 and 63 

Independent Claim 1, as amended, recites: 

1. A method for providing security in a computer system, comprising: 
selecting a set of properties for use in determining if an item is 

clean; 

evaluating an item to determine if it has the specified set of 
properties; 

sending an add request to a clean group server; and 
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if the clean group server determines that the item has the specified 
set of properties, the clean group server designating the item as a member 
of a clean group. 

With respect to Claim 1, the Office Action recites various portions of Sobel as generally 
applying to the evaluation, request, and determination features of Claim 1. Applicants 
respectfully traverse this objection. Sobel describes a locally installed compliance verification 
component (Fig. 1, 190) that itself "deteraiines 210 whether the client is in compliance with the 
security policies." (Para. 20). Applicants respectfully submit that Sobel does not describe a clean 
group server determining that an item has a specified set of properties before the clean group 
server designates the item as a member of a clean group. Applicants thus submit that withdrawal 
of the 35 U.S.C. § 102(e) rejection with respect to Claim 1 is merited. 

Rejected Claims 2-14, and new Claims 60, 62, and 63 depend from Claim 1. Applicants 
submit that Claims 2-14, 60, 62, and 63 are allowable at least by virtue of this dependency, as 
well as by virtue of the other limitations set forth therein, hi particular, the prior art does not 
disclose taking steps to ensure the security of the item that include at least hiding the domain 
credenfials of the item (Claim 9), hiding cryptographic keys (Claim 10), erasing the domain 
credentials of the item (Claim 62), or logging out a privileged user (Claim 63), Accordingly, 
applicants submit that Claims 2-14, 60, 62, and 63 are patentable over the cited prior art and 
respectfully request withdrawal of the rejection of these claims under 35 U.S.C. § 102(e). 

Claims 15-25 and 61 

Independent Claim 15, as amended, recites: 

15. A system for managing security, comprising: 
a clean group sei-ver; 

an update component which includes updates for items; 

a clean mntime component, the clean runtime component being 
installed on an item and being able to communicate with the update 
component and the clean group server; 
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the clean runtime component sending an add request to the clean 
group server; and 

if the clean group server determines that the item lias a specified 
set of properties, the clean group server designating the item as a member 
of a clean group. 

The Office Action does not cite to a specific portion of Sobel as applying to the features 
of Claim 15. Nonetheless, appHcants have carefully reviewed and considered Sobel, and 
respectfully submits that Sobel does not teach or suggest all of the limitations of Claim 15 as set 
forth above. Notably, as argued above with respect to Claim 1, apphcants submit that Sobel does 
not teach that if a clean group server determines that the item has a speci fied set of properties, 
the clean group server designates the item as a member of a clean group. Applicants thus submit 
that withdrawal of the 35 U.S.C. § 102(e) rejection is merited. 

Rejected Claims 16-25 and new Claim 60 depend from Claim 15. Applicants submit that 
Claims 16-25 and 60 are allowable at least by virtue of this dependency, as well as by virtue of 
the other limitations set forth therein. In particular, with respect to Claim 16, the Office Action 
cites to various portions of Fig. 1 of Sobel as disclosing a domain controller which 
communicates with the clean group server. Apphcants respectfully traverse this objection. The 
cited portions of Sobel disclose a DHCP server, which those skilled in the art would recognize 
functions to supply network addresses to cUent computers. Applicants submit that this does not 
disclose or suggest a domain controller, which tliose skilled in the art would recognize as 
functioning at least to manage domain user, computer, and group permissions to access 
networked resources. Accordingly, applicants submit that Claims 16-25 and 60 are patentable 
over the cited prior art and respectfully request withdrawal of the rejection of these claims under 
35 U.S.C. § 102(e). 

Claims 26-32 

Independent Claim 26, as amended, recites: 
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26. One or more computer-readable media having computer 
executable components for providing security in a computer system, the 
computer executable components comprising: 

a runtime object for installation on a computer, wherein the 
runtime object, when executed, deteraiines if the computer has a specified 
set of properties, and sends an add request to a clean group server; 

instructions for installation on a clean group server for processing 
the add request, wherein the instmctions, when executed, cause the clean 
group server to designate the computer as a member of a clean group, if 
the clean group server determines that the add request is valid. 

The Office Action recites various portions of Sobel as applying to the features of 

Claim 26. Applicants respectfully traverse this objection. As argued above with respect to 

Claim 1, applicants submit that Sobel does not describe one or more computer-readable media 

containing instructions for installation on a clean group server for processing an add request, 

wherein the instructions, when executed, cause the clean group server to designate the computer 

as a member of a clean group, if the clean group server determines that the add request is valid. 

Applicants thus submit that withdrawal of the 35 U.S.C. § 102(e) rejection with respect to 

Claim 26 is merited. 

Rejected Claims 27-32 are dependent on Claim 26. Applicants submit that Claims 27-32 
are allowable at least by virtue of this dependency, as well as by virtue of the other limitations 
set forth therein. Accordingly, applicants submit that Claims 27-32 are patentable over the cited 
prior art and respectfully request withdrawal of the rejection of these claims under 35 U.S.C. 
§ 102(e). 

Claims 33-38 

Independent Claim 33, as amended for purposes of clarity, recites: 

33. A method for providing security in a computer system, comprising: 
selecting a set of properties for use in determining if a computer is 

clean; 

evaluating a computer to determine if it has the specified set of 
properties; 
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sending an add request to a clean group server; and 

based on whether or not the clean group server determines that the 

computer is in compliance, the clean group server disabling or enabhng 

the computer domain account. 

The Office Action recites various portions of Sobel as generally applying to the 
evaluation, request, and determination features of Claim 33. Applicants respectfully traverse this 
objection. Similar to Claim 1, appHcants respectfully submit that Sobel does not describe a clean 
group server determining that an item has a specified set of properties before the clean group 
server takes action. Further, appUcants respectfully submit that Sobel does not disclose or 
suggest discibling or enabling the computer domain account. Applicants thus submit that 
withdrawal of the 35 U.S.C. § 1 02(e) rejection with respect to Claim 33 is merited. 

Rejected Claims 34-38 are dependent on Claim 33. Applicants submit that Claims 34-38 
are allowable at least by virtue of this dependency, as well as by virtue of the other limitations 
set forth therein, hi particular, applicants respectfully submit that the prior art does not disclose 
or suggest placing the computer's domain account in a disabled state until the computer is proved 
to be in compliance (Claim 34), or requiring the clean group server to participate in the domain 
join operation (Claim 35). Accordingly, applicants submit that Claims 34-38 are patentable over 
the cited prior art and respectfully request withdrawal of the rejection of these claims under 
35 U.S.C. § 102(e). 

Claims 39-47, 51. 53. and 56 

Independent Claim 39, as amended for purposes of clarity, recites: 

39. A method for providing security in a computer system, comprising: 
performing compliance checks for items; 

placing items which pass the comphance check into a clean group; 

and 

removing items from the clean group which fail the compliance 

check; 
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wherein items within the clean gi'oup can access a collection of 
IPSec communication requirements and parameters that allow them to 
communicate witli other items within the clean group; and 

items not within the clean group cannot access the collection of 
IPSec communication requirements and parameters, and are thereby 
quarantined from receiving information from or sending information to 
items within the clean group. 

The Office Action recites various portions of Sobel and Herrmann as applying to the 
features of Claim 39. However, applicants submit that neither Sobel nor Herrmarm discloses or 
suggests items within the clean group can access a collection of IPSec communication 
requirements and parameters that allow them to communicate with other items within the clean 
group. Applicants further submit that neither Sobel nor Herrmann discloses or suggests items 
not within the clean group camiot access the collection of IPSec communication requirements 
and parameters, and are thereby quarantined from receiving infonnation from or sending 
information to items within the clean group. Indeed, the Office Action admits that neither Sobel 
nor Hernnann discloses "computers which are not members of the clean group are effectively 
prevented from communicating with computers in the clean group, thus in effect providing a 
quarantine mechanism." Paras. 15, 20. Applicants thus submit that withdrawal of the 35 U.S.C. 
§ 102(e) rejection with respect to Claim 39 is merited. 

Rejected Claims 40-49, 51, 53, and 56 are dependent on Claim 39. Apphcants submit 
that Claims 40-47 and 51 are allowable at least by virtue of this dependency, as well as by virtue 
of the other limitations set forth therein. In particular, as admitted in the Office Action 
(Paras. 16, 21), neither Sobel nor Herrmarm discloses the security policy provides IPSec 
communication requirements and parameters, as recited in Claim 53. Accordingly, applicants 
submit that Claims 40-49, 51, 53, and 56 are patentable over the cited prior art and respectfully 
request withdrawal of the rejection of these claims under 35 U.S.C. § 102(e). 
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35 US,C. § 103(a) Rejections 
Claims 53 and 56 

The Office Action asserts that Claims 53 and 56 are unpatentable over Sobel in view of 
Lineman, and are also unpatentable over Herrmaim in view of Lineman. Applicants respectfully 
traverse these rejections. Rejected Claims 53 and 56 are dependent on Claim 39. Apphcants 
submit that Claims 53 and 56 are allowable at least by virtue of this dependency, as well as by 
virtue of the other limitations set forth therein. In particular, with regard to Claim 53, neither 
Sobel, Lineman, nor Herrmann either discloses or suggests giving access to the collection of 
IPSec settings by binding active directory group policy to the clean group membership such that 
only members of the clean group can read the policy. Applicants therefore respectfully request 
withdrawal of the rejection of this claim under 35 U.S.C. § 103(a). 
Conclusion 

In view of the foregoing amendments and remarks, apphcants submit that Claims 1-51, 
53, 56, and 60-63 are in condition for allowance over the cited and apphed references, and 
respectfully request reconsideration and allowance of the same. If the Examiner has any 
questions or comments concerning this matter, the Examiner is invited to contact the undersigned 
at the number set forth below. 

Respectfully submitted, 

CHRISTENSEN O'CONNOR 
JOHNSON KlNr»ffiSS^'^^^% 

Melanie J. Seehg 
Registration No. 44,328 
Direct Dial No. 206.695.1764 

MJS:lal:lpz 
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